Improper access control

2019-05-2919:29:00

PRIOn knowledge base

www.prio-n.com

9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.9%

JSON

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without authentication. Adding authentication feature to the respective library fixes the issue. The issue is classified as “CWE-284: Improper Access Control.” This vulnerability, for example, allows a potential attacker to delete video or read video data.

CPENameOperatorVersion
access_easy_controller_firmwareeq2.1.8.5
access_easy_controller_firmwareeq2.1.9.0
access_easy_controller_firmwareeq2.1.9.1
access_easy_controller_firmwareeq2.1.9.3
access_professional_editionge3.0
access_professional_editionle3.7
bosch_video_clientlt1.7.6.079
bosch_video_management_systemle9.0
building_integration_systemge2.2
building_integration_systemle4.4

Name	Operator	Version
access_easy_controller_firmware	eq	2.1.8.5
access_easy_controller_firmware	eq	2.1.9.0
access_easy_controller_firmware	eq	2.1.9.1
access_easy_controller_firmware	eq	2.1.9.3
access_professional_edition	ge	3.0
access_professional_edition	le	3.7
bosch_video_client	lt	1.7.6.079
bosch_video_management_system	le	9.0
building_integration_system	ge	2.2
building_integration_system	le	4.4